#!/bin/sh

# Absolute path of the iptables binary; every rule in this script is installed
# through it.
IPTABLES="/usr/local/bin/iptables"

/bin/echo "Prepare net rules ......"

# Start from an empty filter table. The bare -F empties every chain of the
# table; INPUT and FORWARD are then flushed once more by name.
# NOTE(review): only the filter table is flushed and no user chain is deleted,
# so on a second run the -N calls below meet chains that already exist and the
# nat PREROUTING/POSTROUTING jumps are appended again -- confirm this script
# runs once per boot, or that the nat table is reset elsewhere.
"$IPTABLES" -F
"$IPTABLES" -F INPUT
"$IPTABLES" -F FORWARD

# INPUT rules
# Default-deny: a packet that no rule below accepts is dropped.
"$IPTABLES" -P INPUT DROP
# Packets belonging to, or related to, an already tracked connection are
# accepted before any other chain is consulted.
"$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Create the proxy chains and hook each into INPUT, in this order. Both start
# empty; nothing in this script adds rules to them (presumably they are filled
# elsewhere -- verify). Until then only the tracked-connection and loopback
# rules accept inbound traffic.
for chain in PROXYSERVER PROXYDELEGATED; do
  "$IPTABLES" -N "$chain"
  "$IPTABLES" -A INPUT -j "$chain"
done

# Loopback traffic is accepted after the proxy chains have been consulted.
"$IPTABLES" -A INPUT -i lo -j ACCEPT

# ADMINRANGE is consulted last; it is also created empty here.
"$IPTABLES" -N ADMINRANGE
"$IPTABLES" -A INPUT -j ADMINRANGE


# FORWARD rules
# Bridge: the DROP policy below is commented out, so this script leaves the FORWARD policy as it finds it.
#$IPTABLES -P FORWARD DROP	

# Create the user-defined chains of the nat table. All start empty; apart from
# the REPLY and frox hooks further down, this script puts no rules in them.
for chain in DEBUG REPLY USERFILTER USERPOLICY APPLY DISABLED USERDNAT \
             USERSNAT KEYWORDS froxsnat froxdnat; do
  "$IPTABLES" -t nat -N "$chain"
done

# Wire the chains into nat PREROUTING. The list order is the evaluation order:
# a terminating target in an earlier chain keeps the packet from reaching the
# later ones.
for chain in DEBUG REPLY USERFILTER USERPOLICY APPLY DISABLED KEYWORDS \
             USERDNAT; do
  "$IPTABLES" -t nat -A PREROUTING -j "$chain"
done

# Source NAT rules are consulted from nat POSTROUTING.
"$IPTABLES" -t nat -A POSTROUTING -j USERSNAT


# Prepare the REPLY chain: its first rule accepts packets of tracked or related
# connections. ACCEPT ends nat PREROUTING traversal for those packets, so they
# never reach USERFILTER, USERPOLICY, APPLY, DISABLED, KEYWORDS or USERDNAT.
# NOTE(review): the nat table is normally consulted only for the packet that
# opens a connection, so this rule presumably matters for RELATED flows (such
# as helper-tracked data connections) -- confirm that bypassing the user
# filter chains for them is intended.
"$IPTABLES" -t nat -I REPLY 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# FTP proxy hooks: froxdnat is consulted from REPLY after the rule above, and
# froxsnat is inserted at the head of nat POSTROUTING, ahead of USERSNAT.
"$IPTABLES" -t nat -A REPLY -j froxdnat
"$IPTABLES" -t nat -I POSTROUTING 1 -j froxsnat


#MSN: iptables -t nat -A PREROUTING -p tcp --destination-port 1863 -j REDIRECT --to-ports 16667
#ICQ/AIM: iptables -t nat -A PREROUTING -p tcp --destination-port 5190 -j REDIRECT --to-ports 16667
#Yahoo: iptables -t nat -A PREROUTING -p tcp --destination-port 5050 -j REDIRECT --to-ports 16667
#IRC: iptables -t nat -A PREROUTING -p tcp --destination-port 6667 -j REDIRECT --to-ports 16667
#Gadu-Gadu: iptables -t nat -A PREROUTING -p tcp --destination-port 8074 -j REDIRECT --to-ports 16667

